Support for rate limiting for user provisioning from Azure (SCIM)
Azure currently does not support rate limiting when using SCIM to provision the users to target applications.
429 status codes are counted as errors and retry-after headers are simply ignored. When dealing with a single service that receives all these requests from different Azure applications all trying to provision their user base, the load quickly becomes too much. There needs to be a way to control how these requests are dealt with and let Azure know that it should stop sending requests the server can't process.
If we have a 100 customers all using Azure to provision their users to our application using SCIM, this can run up 2500 requests per second. There comes a point when everybody simple reaches their limit on what they can handle.
What happens now is that when we receive to many requests, our servers get slow and unresponsive, so we need to limit this. We already do this by sending back a 429 status code. However Azure processes these as errors and when too many requests are returned that fail, it will place the customer in quarantine. This keeps happening for our customers causing the initial sync to take a long time because it has to wait 24 hours to get out of quarantine.